As I mention in the post, we go across AWS availability zones: these systems have physically separate power and networking. When they fail together, it's because they are connected at the software level -- usually EBS. If you're not using EBS, then Amazon's multi-AZ pattern is sufficient: just make sure your instances are spread across AZs.
Of course, east-1 has fallen off the map entirely on at least one occasion -- for that reason we keep a "seed" set of warm databases in us-west; if east-1 were to have an extended outage we have a disaster recovery plan that involves transferring DNS to IPs in west and spinning up new app instances there.